New malware hijacks your computer, encrypts files

This one’s insidious and perfectly timed for the holidays: a malware bomb disguised as an innocent-looking package-tracking email.

It’s called cryptolocker ransomware.

Kevin Swindon is with the FBI in Boston.

“I would think about this particular type of malware as what would happen if your computer was destroyed,” Swindon said.

In the past 90 days, thousands of people worldwide have opened a seemingly innocuous link to track a holiday package. Suddenly, all the files on their computer are encrypted.

Joan Goodchild is the editor of “CSO,” Chief Security Officer magazine based in Framingham.

“This is a criminal operation. They are holding your folders and files ransom. We call this ransomware because that is exactly what it is. You need to pay in order to have access to them once again.”

And that’s what the Swansea police department did, paying $750 to unlock their computers. One wonders what happened to the poor schlimazl who first opened that email.

This is also a timely reminder to be careful about what emails you open. I’m sure almost anyone reading this has received “phishing” messages, fakes that look like they’re from real companies, but really want you to log into their fake web site so they can steal your ID and password. Some of them are so badly done, they’re funny; others are pretty slick pieces of work. This is more vicious, hijacking your system and extorting ransom to get it back.

Take my advice: if you receive email from a company where you have an account (such as Amazon, eBay, PayPal, &c…) that looks at all suspicious, don’t open it; instead, forward it to their security address. They’ll let you know if it’s real or not, and they’re very interested in tracking down fraudsters.

To borrow a line from Hill Street Blues, “Let’s be careful out there.”

5 thoughts on “New malware hijacks your computer, encrypts files”

Case in point regarding emails from “Amazon” – my mom has an iMac and is getting phishing emails from a supposed Amazon order tracker. It contains the typical “business-like” text in the email but it also asks you to click on a .zip file to track your order.
She’s gotten a few of these and my dad got at least one.
DO NOT CLICK ON ANY ATTACHMENT WITHIN AN EMAIL if it’s from one of these supposed shopping sites, or anyone else you aren’t familiar with.

It’s updated as Cryptolocker evolves. You’ll need to check the site regularly for new versions, or shell out $20 for the premium version that automatically updates.

CryptoPrevent is also available at MajorGeeks.com but their site search engine doesn’t work very well – just select Anti-Virus on the left hand menu and scroll through the alphabetic list until you find it.

CryptoPrevent isn’t a substitute for common sense – heed the warning comments others have made above. ;)